Description
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References (4)
Core 4
Core References
Exploit, Issue Tracking, Permissions Required, Third Party Advisory x_refsource_misc
https://bugs.exim.org/show_bug.cgi?id=1592
Mailing List, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
Release Notes, Third Party Advisory x_refsource_confirm
https://www.pcre.org/original/changelog.txt
Third Party Advisory x_refsource_misc
https://fortiguard.com/zeroday/FG-VD-15-016
Scores
CVSS v3
5.5
EPSS
0.0057
EPSS Percentile
68.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (5)
mariadb/mariadb
10.0.0 - 10.0.18
opensuse/opensuse
13.1
opensuse/opensuse
13.2
pcre/pcre
< 8.37
php/php
5.4.0 - 5.4.41
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026